
We found results for “”
CVE-2025-2565
Good to know:

Date: March 20, 2025
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.
Severity Score
Severity Score
Weakness Type (CWE)
Insertion of Sensitive Information Into Sent Data
CWE-201Top Fix

Upgrade Version
Upgrade to version com.liferay:com.liferay.dynamic.data.mapping.form.web:4.0.174;https://github.com/liferay/liferay-portal.git - 7.4.3.127-ga127
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |